08IT035 VVP IT

INTERNET SECURITY

Prepared By: JEMINI GANATRA

25/10/2010

INTERNET SECURITY report



A Seminar report on

INTERNET SECURITY

Submitted

To

V.V.P. Engineering College

Gujarat Technological University

For partial fulfillment

Of the requirement for the award of the degree of

B.E. (Information & Technology)

Prepared By: Jemini Ganatra

Guided By: Ms. Vidhi

2010


V.V.P. ENGINEERING COLLEGE

CERTIFICATE

This is to certify that the work presented in the seminar entitled

INTERNET SECURITY

has been carried out by

JEMINI GANATRA

08IT035

In a manner sufficiently satisfactory to warrant its acceptance as a partial fulfillment of the requirement for the award of the degree of

B.E. in Information & Technology Engineering

This is bona fide work done by him/her and has not been submitted to any other University / Institute for the award of any other Degree / Diploma.

Under the guidance of

Seminar Guide: Ms. Vidhi Makadiya

Head of the Department: Prof. Avani Vasant

ACKNOWLEDGEMENT

The satisfaction that accompanies the successful completion of any task would be incomplete without the mention of the people whose ceaseless cooperation made it possible, and whose constant guidance and encouragement crown all efforts with success. We are grateful to our project guide Ms. Vidhi for the guidance, inspiration and constructive suggestions that helped us in the preparation of this project.


ABSTRACT

The Internet is a pervasive force that is working its way into all aspects of our civilization; of this fact there is no doubt. One could spend countless hours, days, and months debating and studying the implications of this fact and its influence on education, business, and so on. However, in studying this medium, it is important to remain cautious and realize the security issues surrounding the Internet. Being overly cautious and conservative in this exploration is detrimental and foolish; the resources left undiscovered by frightened people will be taken up by others, leaving the paranoid in the dust. However, it is ultimately more careless to assume that all is legitimate and nothing will harm you. It is the old principle of "that'll never happen to me" that makes one vulnerable. An educated middle ground should be found between these extremes. We plan to take a look at the current work of hackers threatening e-commerce, politics, and individuals with a range of viruses. Also, what is the difference between personal computers, e-commerce, and computer networks on college campuses when it comes to security? Most importantly, how secure do you feel? How do age and gender affect people's reactions on this matter? What general precautions can be taken to make the common computer user better educated and more confident about their security? We propose to research security policies and their effectiveness with an emphasis on current events and the boom in buying and trading online. We will then correlate this information with data compiled from extensive surveys of college students and the public, with a focus on age as a determining factor in the matter of personal security on the Internet.


INTRODUCTION

Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud (e.g. phishing). Different methods have been used to protect the transfer of data, including encryption.

When the term network security is used, it refers to the security of the network in general. This includes such issues as password security, network sniffing, intrusion detection, firewalls, network structure and so forth.

1.1 Security Violation Definition

Computer or network security has been violated when unauthorized access by any party occurs.

Why Security?

Computer security is required because most organizations can be damaged by hostile software or intruders. There may be several forms of damage, which are obviously interrelated. These include:

- Damage or destruction of computer systems.
- Damage or destruction of internal data.
- Loss of sensitive information to hostile parties.
- Use of sensitive information against the organization's customers, which may result in legal action by customers against the organization and loss of customers.
- Damage to the reputation of an organization.

The methods used to accomplish these unscrupulous objectives are many and varied, depending on the circumstances. This guide will help administrators understand some of these methods and explain some countermeasures.

Security Issues

Computer security can be very complex and may be very confusing to many people. It can even be a controversial subject. Network administrators like to believe that their network is secure, and those who break into networks may like to believe that they can break into any network. I believe that overconfidence plays an important role in allowing networks to be intruded upon. There are many fallacies that network administrators may fall victim to. These fallacies may allow administrators to wrongfully believe that their network is more secure than it really is.

This guide will attempt to clarify many issues related to security by doing the following:

- Help you determine what you are protecting.
- Break computer security into categories.
- Explain security terms and methods.
- Point out some common fallacies that may allow administrators to be overconfident.
- Categorize many common attacks against networks and computers.
- Explain some attack methods.
- Describe tools that can be used to help make a network more secure.

Security Limitations and Applications

If you are reading this document and are thinking that you can get all the information required to make your network completely secure, then you are sadly mistaken. In many ways, computer security is almost a statistical game. You can reduce but not eliminate the chance that you may be penetrated by an intruder or virus. This is mainly for one reason:

No one can ever know all the software vulnerabilities of all software used on a system.

This is why even those who consider themselves hackers will say that the number one computer security threat is the lack of quality in applications and operating systems. At this point, I could talk about the various corporate entities that write software and why software lacks the quality that many of us believe it should possess, but that subject is not only way beyond the scope of this document, but also way beyond the scope of this project.

The bottom line here is that unless you can remove all the application and operating system problems that allow viruses and intruders to penetrate networks, you can never secure your network. Additionally, the users on your network are potentially a greater security risk than any programs. Obviously, removing all vulnerabilities is impossible and will not secure your network against user errors. I have even considered the possibility that an operating system without a network interface can be completely secure, but even this cannot be guaranteed. Unknown viruses or trojan programs can creep in with applications on CDs or floppies. This has been known to happen. Although an attacker may not be able to get data from the system, they can damage or destroy data.

Layered Security

The fact that complete security is impossible is the reason security experts recommend "layered security". The idea is to have multiple ways of preventing an intrusion, to decrease the chance that intrusions will be successful. For example, you should have virus protection on your client computers. To help layer this security, you should also filter viruses at your email server. To help even more, you should block the most dangerous types of email attachments to prevent unrecognized viruses and other hostile software from entering your network. Another good defense layer would also include educating your users about viruses, how they spread, and how to avoid them.
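An added example, not from the report, of one of the layers named above: a screening function that a mail relay could run on each message to block the most dangerous attachment types before they reach client machines, where antivirus is the next layer. The block list, addresses and sample messages are constructed for the illustration; a production filter would also look inside archives and at Office macros.

```python
import os
from email.message import EmailMessage

# Constructed block list: extensions Windows runs directly when double-clicked.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
# Declared MIME types that mean "executable" whatever the file is called.
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program", "application/hta"}


def screen_message(msg: EmailMessage):
    """Return (allowed, reasons). Every attachment is checked; a single hit blocks the message."""
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        label = name or "<unnamed>"
        ext = os.path.splitext(name)[1]          # last extension, so invoice.pdf.exe -> .exe
        ctype = part.get_content_type()
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"attachment {label!r} has blocked extension {ext}")
        elif ctype in BLOCKED_TYPES:
            reasons.append(f"attachment {label!r} is declared as {ctype}")
    return (not reasons, reasons)


def _message_with(attachments):
    """Build a constructed test message; attachments is a list of (filename, maintype, subtype)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "test"
    msg.set_content("see attached")
    for filename, maintype, subtype in attachments:
        msg.add_attachment(b"\x00payload", maintype=maintype, subtype=subtype, filename=filename)
    return msg


def demo():
    """Run the screen over four constructed messages and return each verdict."""
    cases = {
        "report": _message_with([("report.pdf", "application", "pdf")]),
        "double_ext": _message_with([("invoice.pdf.exe", "application", "octet-stream")]),
        "disguised_type": _message_with([("notes.txt", "application", "x-msdownload")]),
        "mixed": _message_with([("photo.jpg", "image", "jpeg"),
                                ("setup.scr", "application", "octet-stream")]),
    }
    return {case: screen_message(msg) for case, msg in cases.items()}


if __name__ == "__main__":
    for case, (allowed, reasons) in demo().items():
        print(case, "-> allowed" if allowed else "-> blocked", reasons)
```

The extension check runs before the content-type check because the declared type is chosen by the sender and is the weaker signal; the file name, however, can also be chosen freely, which is why both are consulted.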

Hackers

There are many documents that attempt to define the term hacker. I believe that the term hacker is a connotative term. This means that it is more defined by people's beliefs than by a dictionary. Some believe that a hacker is a very skilled computer person. Others believe that hackers are those that perform unauthorized break-ins to computer systems. The media and many sources have caused many uninformed people to believe that a hacker is a threat to computer and network security, while this is not the case. A hacker is no more likely to break the law than anyone else. I use the more accurate descriptive term "intruder" to describe those who intrude into networks or systems without authorization.

Physical Security

This guide will not talk about physical computer security beyond this paragraph. Your organization should be aware of how physically secure every aspect of its network is, because if an intruder gets physical access, they can get your data. Be sure that your organization properly secures locations, and consider the following:

- Servers - Contain your data and information about how to access that data.
- Workstations - May contain some sensitive data and can be used to attack other computers.
- Routers, switches, bridges, hubs and any other network equipment may be used as an access point to your network.
- Network wiring and media, and where they pass through, may be used to access your network or to place a wireless access point on your network.
- External media which may be used between organizational sites or to other sites the organization does business with.
- Locations of staff who may have information that a hostile party can use.

Some employees may take data home, or may take laptops home or use laptops on the internet from home and then bring them to work. Any information on these laptops should be considered to be at risk, and these laptops should be secured according to proper policy when connected externally to the network.


SECURITY REQUIREMENTS

If you are an individual who is only concerned about the security needs of your home computer and do not want to learn a lot about computer security, then there are some simple guidelines that you should read.

Most home computers require the following:

- A personal firewall when connecting to the internet over any type of connection.
- Anti-virus software that is kept updated.
- Backing up your data onto another computer, CD-ROM, ZIP drive, or tape regularly.
- Regular security updates to the operating system (these are not as critical if a personal firewall is installed, but this item is still important).
- Regular updates to the applications run on the system, such as Microsoft Office.

Be aware of the following:

- Most data that you send or receive on the internet can be read by other people. Therefore you should be aware of the sensitivity of the data or information you are sending. If you need to send confidential data, you should only send it to sites whose addresses begin with https:// or use some software to encrypt your data.
- Be careful when opening email attachments, since they may contain hostile programs even if your antivirus software has not detected them.
- Be careful when downloading and installing programs from the internet. You should scan any programs you get from the internet for viruses, but also be aware that some programs may be spyware or other malware used to gain access to your system.

If you are someone who is responsible for your organization's security and/or you are learning about computer security, then you should read this complete document.


SECURITY ATTACKS

This page lists types of security attacks. This document will address security issues, measures, and policies which take these types of attacks into consideration.

- DoS - Denial of Service.
- Trojan Horse - Comes with other software.
- Virus - Reproduces itself by attaching to other executable files.
- Worm - Self-reproducing program. Creates copies of itself. Worms that spread using e-mail address books are often called viruses.
- Logic Bomb - Dormant until an event triggers it (date, user action, random trigger, etc.).

Hacker Attacks

I use the term "hacker attacks" to indicate attacks that are not automated by programs such as viruses, worms, or trojan horse programs. There are various forms that exploit weaknesses in security. Many of these may cause loss of service or system crashes.

- IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results of this attack.
  o The attack may be directed to a specific computer, addressed as though it is from that same computer. This may make the computer think that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up.
- Gaining access through source routing - Hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
- Man in the middle attack -
  o Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
- Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client. The attacker will run this utility while acting like the server while the user attempts to log in. If the client is tricked into sending LANMAN authentication, the attacker can read their username and password from the network packets sent.
- DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be very practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct webserver such as a bank and capture information from customers when they attempt to log on.
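An added example, not from the report, of the countermeasure named under session hijacking above: after authentication both ends hold a shared secret, and every message carries a keyed hash (HMAC-SHA256) plus a sequence number that the receiver checks. A message built with the right session id but without the key fails the tag check, and a captured message sent again fails the sequence check. The key, session id and messages are constructed for the demonstration; how the secret is agreed at login is assumed to have happened already.

```python
import hashlib
import hmac
import json


def make_message(key: bytes, session_id: str, seq: int, payload: str) -> dict:
    """Client side: serialise the fields, then tag them with HMAC-SHA256 under the session key."""
    body = json.dumps({"sid": session_id, "seq": seq, "data": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class SessionReceiver:
    """Server side: accepts only messages whose tag verifies under the shared key,
    that belong to this session, and whose sequence number moves forward."""

    def __init__(self, key: bytes, session_id: str):
        self.key = key
        self.session_id = session_id
        self.last_seq = 0

    def accept(self, msg: dict):
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # constant-time comparison, so timing does not reveal how much of a tag matched
        if not hmac.compare_digest(expected, msg["tag"]):
            return (False, "bad tag: sender does not hold the session secret")
        fields = json.loads(msg["body"])
        if fields["sid"] != self.session_id:
            return (False, "wrong session")
        if fields["seq"] <= self.last_seq:
            return (False, "replayed or out-of-order message")
        self.last_seq = fields["seq"]
        return (True, fields["data"])


def demo():
    """Constructed exchange: a legitimate client, then a party that saw the session id on the
    network but never had the key, then a replay, then the client again."""
    session_key = b"constructed-session-key"   # agreed between client and server at login
    sid = "sess-1234"
    server = SessionReceiver(session_key, sid)
    outcomes = []
    first = make_message(session_key, sid, 1, "list files")
    outcomes.append(server.accept(first))
    forged = make_message(b"guessed-key", sid, 2, "delete files")   # right sid, wrong key
    outcomes.append(server.accept(forged))
    outcomes.append(server.accept(first))                           # captured copy resent
    outcomes.append(server.accept(make_message(session_key, sid, 2, "read report")))
    return outcomes


if __name__ == "__main__":
    for ok, info in demo():
        print("accepted" if ok else "rejected", "-", info)
```

The sequence number is what turns a per-message integrity check into the "checked periodically during the session" property: without it, a valid message could be captured and resent at will, tag and all.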

Hostile Software

Hostile software programs may have several different types of functions. These functions may cause damage, or allow unauthorized access to be gained allowing the program to be spread, or information may be compromised. These are some functions that hostile software may perform:

- Damaging operating systems.
- Damaging or destroying data.
- Sniffing the network for any data or passwords.
- Installing itself or some other hostile software on computer systems for later use.
- Acquisition of unencrypted passwords on the network.
- Forwarding compromised information to hostile parties through the firewall.
- Harvesting e-mail addresses.
- Putting unsolicited advertisements on infected computer systems. These programs are called adware and may come with other "useful" applications.
- Spyware - A type of program that usually comes with a useful application but sends information to its creator about what the computer user is doing on the internet. Some of these programs' creators actually tell the user that the program comes with the ability to see what the user is doing on the internet. Others do not.

You should be aware that all types of hostile programs, such as viruses and trojans, can perform any of the above functions. There is a tendency for viruses to only damage systems or data, and for trojan programs to send compromised data to other parties, but either type of program can perform any of the functions. This is why all unauthorized programs are a very serious matter.

Viruses

Viruses reproduce themselves by attaching themselves to other files that the user does not realize are infected. Viruses are spread today mainly through e-mail attachments. The attachment may be a legitimate file, but the virus may be attached as a macro program in the file. An example is a Microsoft Word file. These files can contain macro programs which can be run by Microsoft Word. A virus may infect these files as a macro, and when they get onto the next user's computer, they can infect other files. These virus programs normally take advantage of a security vulnerability in the running application. In the case of this example, a Microsoft Word macro permission security vulnerability is exploited. Viruses can directly affect executable files or Dynamic Link Library (DLL) files that the operating system and applications use to run.

Usually the virus will spread before it does anything that may alert the user to its presence.

The countermeasure to prevent virus programs from infiltrating your organization is to implement the countermeasures in the section titled "Software Vulnerability Control". Running virus scanning software on every computer in the organization is a primary step in minimizing this threat.

Trojan Horse Software

The name "Trojan horse" comes from the historical incident where the Greeks built a horse statue as a tool to take the city of Troy. They hid soldiers inside. The people of Troy thought that they were victorious and that the gods had given them the horse as a gift, so they pulled the horse inside the city. At night the soldiers inside the horse snuck out and opened the gates of the city, letting the main Greek army into the city.

Trojan horse software is software that appears to have some useful function, but some hidden purpose awaits inside. This purpose may be to send sensitive information from inside your organization to the author of the software.

The countermeasure to prevent trojan horse programs from infiltrating your organization is to implement the countermeasures in the section titled "Software Vulnerability Control". Allowing only approved software with proper testing to be run in the organization will minimize the threat of these programs. The organizational security policy can help ensure that all members of the organization operate in compliance with this countermeasure.


- Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.

Buffer-overflow attacks

Buffer overflows are a favorite exploit for hackers. The vast majority of Microsoft's available patches fix unchecked buffer problems -- but what about applications developed in-house? They are just as susceptible as commercial applications to buffer-overflow attack. It is therefore critical that you understand how they work and perform vulnerability testing on your home-grown applications prior to deployment.

A buffer overflow is an exploit that takes advantage of a program that is waiting on a user's input. There are two main types of buffer overflow attacks: stack based and heap based. Heap-based attacks flood the memory space reserved for a program, but the difficulty involved in performing such an attack makes them rare. Stack-based buffer overflows are by far the most common.
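An added illustration, not from the report, of the stack-based case in the paragraph above, written as a small Python model of one call frame: a list of slots holding a fixed-size buffer, then the saved return address, then part of the caller's frame. Nothing here touches real memory; the point is the single bounds check that separates the unchecked copy from the checked one, and the boundary-probing test the text recommends running on in-house code before deployment. Buffer sizes and the return-address sentinel are constructed.

```python
class StackFrame:
    """Model of one call frame laid out as a flat list, as it would be contiguous on a real stack:
    slots[0:buf_size] is the local buffer, slots[buf_size] is the saved return address, and the
    slots after it belong to the caller."""

    RETURN_SENTINEL = 0xDEAD   # constructed marker standing in for a real return address

    def __init__(self, buf_size: int, caller_slots: int = 8):
        self.buf_size = buf_size
        self.slots = [0] * buf_size + [self.RETURN_SENTINEL] + [0] * caller_slots

    @property
    def return_address(self) -> int:
        return self.slots[self.buf_size]


def unchecked_copy(frame: StackFrame, data: bytes) -> None:
    """strcpy-style: copies every byte it is given with no idea how big the buffer is.
    Anything past the buffer silently overwrites the saved return address."""
    for i, byte in enumerate(data):
        frame.slots[i] = byte      # IndexError here stands in for running off the end of the stack


def checked_copy(frame: StackFrame, data: bytes) -> None:
    """The fix: refuse input that does not fit, before a single byte is written."""
    if len(data) > frame.buf_size:
        raise ValueError(f"input of {len(data)} bytes exceeds {frame.buf_size}-byte buffer")
    for i, byte in enumerate(data):
        frame.slots[i] = byte


def probe(copy_fn, buf_size: int = 8, sizes=(4, 8, 9, 12, 40)) -> dict:
    """Boundary test: feed inputs under, at, just over and far over the buffer size, and
    classify what happened to the frame. This is the pre-deployment check the text calls for."""
    outcomes = {}
    for n in sizes:
        frame = StackFrame(buf_size)
        try:
            copy_fn(frame, b"A" * n)
        except ValueError:
            outcomes[n] = "rejected"
            continue
        except IndexError:
            outcomes[n] = "crash"
            continue
        intact = frame.return_address == StackFrame.RETURN_SENTINEL
        outcomes[n] = "ok" if intact else "return address overwritten"
    return outcomes


if __name__ == "__main__":
    print("unchecked:", probe(unchecked_copy))
    print("checked:  ", probe(checked_copy))
```

Note that an input of exactly the buffer size passes both routines; the unchecked routine only fails once the input is one byte longer, which is why boundary tests must include the size-plus-one case and not just "very large" inputs.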


TYPES OF INTERNET SECURITY

3.1 Network Layer Security

The network layout has much influence over the security of the network. The placement of servers with respect to the firewall and various other computers can affect both network performance and security. There may even be areas of the network that are more secure than others. Some of these areas may be further protected with an additional firewall. A typical network is shown below.

[Network diagram: firewall, semi-private (DMZ) network with mail relay, private network with servers, and IDS; the image is not reproduced in this extract.]


In this network, the box labeled "IDS" is an intrusion detection system, which may be a computer or a device designed to log network activity and detect any suspicious activity. In this diagram it is shown outside the firewall, on the semi-private network, and protecting the servers on the private network. It may be a good idea to place an IDS just inside the firewall to protect the entire private network, since an attack may be first launched against a workstation before being launched against a server. The IDS protecting the servers could be moved to protect the entire private network, but depending on cost and requirements it is also good to protect your servers, especially the mail server.

The semi-private network is commonly called a "DMZ" (for DeMilitarized Zone) in many security circles. In this diagram the semi-private network contains a mail relay box to increase security, since the mail server is not directly accessed. The mail relay box routes mail between the internet and the mail server.

Other network equipment used includes:


- Routers - Used to route traffic between physical networks. Many routers provide packet filtering using access control lists (ACLs). This can enhance network security when configured properly. Routers can be configured to drop packets for some services and also to drop packets depending on the source and/or destination address. Therefore routers can help raise the security between different segments on a network and also help isolate the spread of viruses.
- Switches - A switch is used to regulate traffic at the data link layer of the OSI network model. This is the layer which uses the Media Access Control (MAC) address. It is used to connect several systems to the network and regulates network traffic to reduce traffic on the network media. This can reduce collisions.
- Media - The physical cable that carries the signal for the network traffic.

Routers can be set up to perform packet filtering to enhance network security.
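An added example, not from the report, of the ACL packet filtering described above: a first-match access control list, evaluated over a handful of constructed packets crossing the router between the semi-private (DMZ) and private segments of the diagram. Addresses, the rule set and the sample packets are invented for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR network or "any"
    dst: str                     # CIDR network or "any"
    proto: str                   # "tcp", "udp", "icmp" or "ip" (any protocol)
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return _in_net(pkt.src, self.src) and _in_net(pkt.dst, self.dst)


def _in_net(addr: str, cidr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is dropped (implicit deny)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def filter_packets(acl: List[Rule], packets: List[Packet]) -> List[str]:
    return [evaluate(acl, p) for p in packets]


# Constructed ACL for the router between the DMZ (192.0.2.0/24) and the private network
# (10.0.0.0/8). Order matters: the explicit deny for Windows file sharing comes first so
# that no later permit can shadow it; this is how a router helps isolate a worm that
# spreads over that service to one segment.
ACL = [
    Rule("deny",   "any",           "any",          "tcp", 445),
    Rule("permit", "192.0.2.10/32", "10.0.1.25/32", "tcp", 25),    # mail relay -> mail server only
    Rule("permit", "10.0.0.0/8",    "any",          "tcp", 443),   # internal hosts may browse
    Rule("permit", "10.0.0.0/8",    "any",          "tcp", 80),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("192.0.2.10",  "10.0.1.25",    "tcp",  25),   # relay delivering mail: permit
    Packet("203.0.113.7", "10.0.1.25",    "tcp",  25),   # Internet host straight to the mail server: deny
    Packet("10.0.5.4",    "198.51.100.9", "tcp",  443),  # workstation browsing: permit
    Packet("10.0.5.4",    "10.0.1.25",    "tcp",  445),  # file sharing, even internally: deny
    Packet("203.0.113.7", "10.0.5.4",     "icmp", 0),    # unsolicited ping from outside: deny
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, filter_packets(ACL, SAMPLE_PACKETS)):
        print(f"{verdict:6} {pkt.proto}/{pkt.dport:<4} {pkt.src} -> {pkt.dst}")
```

The implicit deny at the end of the list is the property that makes an ACL a security control rather than a convenience: anything the administrator did not think to permit is dropped, so a new service exposed on the private network is unreachable until a rule is written for it.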

1.2 Network/User Functions

The consideration of how each computer system on the network is used is a very important part of computer and network security. These considerations can even be used to enhance cost savings where necessary.

Many times when security vulnerabilities are published, an older version of software may not be supported by the manufacturer. This may require an operating system upgrade or an additional license to be purchased to upgrade specific software. This may be very cost prohibitive to many organizations. When dealing with these situations, it is important to consider your network layout and how it is used.

One consideration that should be kept in mind when dealing with network security is which users can perform which functions and which computers these users can use. For example, the following situation may exist in an organization:

- Some users can receive and send both internal and external e-mail, while others can only send and receive internal e-mail.
- Users who can only send and receive internal e-mail will not have users on their systems who can use external e-mail.

Considering this situation, the computers that can only receive internal e-mail are less of a security risk than those that can receive external e-mail. Many viruses spread with e-mail. If computers that send and receive external e-mail do not get the virus, then it is not likely to spread to those computers that only deal with internal e-mail. Therefore it is more important to fix application vulnerabilities on computers that deal with external e-mail than on those that do not. In this way, a virtual perimeter of protection may be established in an organization. This may not be the most secure network configuration, but it is much more secure than not updating any computers at all.

1.3 Network security

In the field of networking, the specialist area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Network security concepts

Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password, which is something you 'know', this is sometimes termed one-factor authentication. With two-factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), and with three-factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan).
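An added example, not taken from the report, of the first two factors just listed: "something you know" is a password checked against a stored PBKDF2 hash, and "something you have" is a hardware token or phone app that generates HOTP/TOTP codes (RFC 4226 / RFC 6238), implemented here with the standard library only. The user record, salt and password are constructed; the token secret is the RFC 4226 test secret so that the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, int(unix_time // step), digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record. A real system stores a random per-user salt and provisions the
# token secret into the user's authenticator once, over a trusted channel.
SALT = b"constructed-salt"
USER = {
    "password_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",   # RFC 4226 test secret
}


def two_factor_login(user: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Both factors are always evaluated, so a failure does not reveal which one was wrong."""
    know_ok = hmac.compare_digest(hash_password(password, SALT), user["password_hash"])
    have_ok = False
    # tolerate one time step of clock drift either side, as most servers do
    for drift in range(-window, window + 1):
        candidate = totp(user["totp_secret"], now + drift * 30)
        if hmac.compare_digest(candidate, code):
            have_ok = True
    return know_ok and have_ok


if __name__ == "__main__":
    secret = USER["totp_secret"]
    print("HOTP for counters 0..2:", [hotp(secret, c) for c in range(3)])   # 755224 287082 359152
    print("login at t=59 with password and current code:",
          two_factor_login(USER, "correct horse battery staple", totp(secret, 59), 59))
```

A stolen password alone fails because the code changes every 30 seconds and derives from a secret that never leaves the token; a stolen code alone fails because the password hash does not match. Both checks use `hmac.compare_digest` so that comparison time does not depend on how many leading characters were right.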

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective at preventing unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

Communication between two hosts using a network could be encrypted to maintain privacy.


Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools, as the honeypot will not normally be accessed. Techniques used by attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.

Security management

Security management for networks is different for all kinds of situations. A small home or an office would only require basic security, while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

Small homes

- A basic firewall like COMODO Internet Security or a unified threat management system.
- For Windows users, basic antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee, Avast!, Zone Alarm Security Suite or Norton AntiVirus. An anti-spyware program such as Windows Defender or Spybot – Search & Destroy would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
- When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.
- If using wireless: change the default SSID network name and disable SSID broadcast, as this function is unnecessary for home use. (However, many security experts consider this to be relatively useless: http://blogs.zdnet.com/Ou/index.php?p=43 )
- Enable MAC address filtering to keep track of all home network MAC devices connecting to your router.
- Assign static IP addresses to network devices.
- Disable ICMP ping on the router.
- Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
- Use passwords for all accounts.
- Have multiple accounts per family member, using non-administrative accounts for day-to-day activities.
- Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
- Raise awareness about information security to children.

Medium businesses

- A fairly strong firewall or unified threat management system.
- Strong antivirus software and Internet security software.
- For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
- When using a wireless connection, use a robust password.
- Raise awareness about physical security to employees.
- Use an optional network analyzer or network monitor.
- An enlightened administrator or manager.

Large businesses

- A strong firewall and proxy to keep unwanted people out.
- A strong antivirus software package and Internet security software package.
- For authentication, use strong passwords and change them on a weekly/bi-weekly basis.
- When using a wireless connection, use a robust password.
- Exercise physical security precautions with employees.
- Prepare a network analyzer or network monitor and use it when needed.
- Implement physical security management like closed-circuit television for entry areas and restricted zones.
- Security fencing to mark the company's perimeter.
- Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
- Security guards can help to maximize security.

School

- An adjustable firewall and proxy to allow authorized users access from the outside and inside.
- Strong antivirus software and Internet security software packages.
- Wireless connections that lead to firewalls.
- Children's Internet Protection Act compliance.
- Supervision of the network to guarantee updates and changes based on popular site usage.
- Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.
- Security via firewall.

Large government

- A strong firewall and proxy to keep unwanted people out.
- Strong antivirus software and Internet security software suites.
- Strong encryption.
- Whitelist authorized wireless connections; block all else.
- All network hardware is in secure zones.
- All hosts should be on a private network that is invisible from the outside.
- Put web servers in a DMZ, or behind a firewall from the outside and from the inside.
- Security fencing to mark the perimeter, and set the wireless range to this.

3.2 Electronic mail security (E-mail)

Background

Understanding how email messages are composed, delivered, and stored is helpful in understanding email security. This is a multiple-step process. The process starts with message composition. When the user finishes composing the message and sends it, the message is transformed into a specific standard format specified by Request for Comments (RFC) 2822, Internet Message Format. Once the message is translated into an RFC 2822 formatted message, it can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server. After initiating communication, the mail client provides the sender's identity to the server. Next, using the mail server commands, the client tells the server who the intended recipients are. After the complete recipient list is sent to the server, the client supplies the message. Once the mail server is processing the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender's mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection (or connections) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client. Finally the message is delivered to the recipient.
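The client-to-server dialogue just described, as an added example that is not part of the report: a toy mail transfer agent that enforces the order sender, recipients, message, driven by a scripted mail client. The domain, mailbox and addresses are constructed, and the DNS lookup a real MTA would perform to find the recipient's server is omitted from the model.

```python
class MiniMTA:
    """Toy mail transfer agent. It accepts the commands an MUA sends in the order the text
    describes (identity, then recipients, then the message) and files delivered mail locally."""

    def __init__(self, domain: str, mailboxes: dict):
        self.domain = domain
        self.mailboxes = mailboxes      # recipient address -> list of (sender, raw message)
        self._reset()

    def _reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.lines = []

    def handle(self, line: str):
        """Process one client line; return the server reply, or None while collecting message text."""
        if self.in_data:
            if line == ".":                       # a lone dot ends the message
                raw = "\r\n".join(self.lines)
                for rcpt in self.recipients:
                    self.mailboxes[rcpt].append((self.sender, raw))
                self._reset()
                return "250 OK: queued"
            # a line the client dot-stuffed (it really began with a dot) gets one dot removed
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.domain}"
        if verb == "MAIL":
            if not arg.upper().startswith("FROM:"):
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = arg[5:].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            addr = arg[3:].strip().strip("<>")
            if addr not in self.mailboxes:
                return "550 No such user here"
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognized command"


def run_session(server: MiniMTA, client_lines):
    """Drive the server with a scripted client; return the transcript as (side, line) pairs."""
    transcript = [("S", f"220 {server.domain} ESMTP ready")]
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript


# Constructed client script: one valid recipient, one that does not exist.
CLIENT_SCRIPT = [
    "HELO client.example.com",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.org>",
    "RCPT TO:<nobody@example.org>",
    "DATA",
    "From: alice@example.com",
    "To: bob@example.org",
    "Subject: seminar notes",
    "",
    "Hi Bob, slides follow tomorrow.",
    "..a line that really starts with a dot",
    ".",
    "QUIT",
]


def deliver_demo():
    mailboxes = {"bob@example.org": []}
    server = MiniMTA("mail.example.org", mailboxes)
    transcript = run_session(server, CLIENT_SCRIPT)
    return transcript, mailboxes


if __name__ == "__main__":
    transcript, boxes = deliver_demo()
    for side, line in transcript:
        print(f"{side}: {line}")
```

Two things the model makes visible: the server never sees the message before it knows every recipient, so relay policy (who may send to whom) is decided before any content is accepted, and the 550 reply to an unknown recipient is the point at which an open relay would instead accept and forward the mail.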

Pretty Good Privacy (PGP). PGP provides confidentiality by encrypting messages to be transmitted, or data files to be stored locally, using an encryption algorithm such as 3DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as the following:

o Sign an email message to ensure its integrity and confirm the identity of its sender.

o Encrypt the body of an email message to ensure its confidentiality.

o Encrypt the communications between mail servers to protect the confidentiality of both the message body and the message header.

The first two methods, message signing and message body encryption, are often used together. The third cryptography method, encrypting the transmissions between mail servers, is typically applicable only when two organizations want to protect emails regularly sent between them. For example, the organizations could establish a virtual private network (VPN) to encrypt the communications between their mail servers over the Internet. Unlike methods that can only encrypt a message body, a VPN can encrypt entire messages, including email header information such as senders, recipients, and subjects. In some cases, organizations may need to protect header information. However, a VPN solution alone cannot provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.

Multipurpose Internet Mail Extensions (MIME). MIME transforms non-ASCII data at the sender's site into Network Virtual Terminal (NVT) ASCII data and delivers it to the client's Simple Mail Transfer Protocol (SMTP) to be sent through the Internet. The SMTP server at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back into the original non-ASCII data.

Secure/Multipurpose Internet Mail Extensions (S/MIME). S/MIME provides a consistent means to securely send and receive MIME data. S/MIME is not limited to email but can be used with any transport mechanism that carries MIME data, such as the Hypertext Transfer Protocol (HTTP).

Anti-Spam Control Most modern mail servers use several anti-spam controls, one of which is the Real-time Blackhole List or RBL. The Real-time Blackhole List prevents mail coming from known spamming domains from reaching your users. It does this by comparing the IP address of the sender with a list of known spammers. If the IP address is found, the mail is rejected.
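An RBL check as a mail server performs it, added here as an example that is not part of the report. Real-time blackhole lists are published as DNS zones (DNSBLs): the connecting IP address is written with its octets reversed, the list's zone name is appended, and the name is looked up; an answer (conventionally an address in 127.0.0.0/8) means the sender is listed. The zone name `rbl.example`, the listed addresses and the `resolve` function are constructed stand-ins for a real list and a real DNS resolver.

```python
import ipaddress

RBL_ZONE = "rbl.example"    # constructed list name, not a real blocklist service

# Constructed zone data: query name -> A record returned for listed addresses.
# Real DNSBLs answer with 127.0.0.x, where x encodes the reason for listing.
LISTED = {
    "10.2.0.192.rbl.example": "127.0.0.2",    # i.e. 192.0.2.10 is listed
    "200.2.0.192.rbl.example": "127.0.0.4",   # i.e. 192.0.2.200 is listed
}


def rbl_query_name(ip, zone=RBL_ZONE):
    """Build the DNSBL lookup name: octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)           # raises ValueError on garbage input
    if addr.version != 4:
        raise ValueError("this example only handles IPv4 senders")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def resolve(name):
    """Stand-in for a DNS A lookup against the constructed zone."""
    return LISTED.get(name)


def rbl_decision(sender_ip, lookup=resolve):
    """Return (rejected, reason) for the IP address that just connected."""
    try:
        qname = rbl_query_name(sender_ip)
    except ValueError as exc:
        # A check that cannot be performed must not turn into a silent accept or
        # a blanket reject; report it so the caller can decide.
        return False, f"not checked: {exc}"
    answer = lookup(qname)
    if answer is None:
        return False, "not listed"
    return True, f"550 {sender_ip} listed in {RBL_ZONE} ({answer})"
```

Because the lookup happens at connection time, before DATA, a listed sender costs the server almost nothing; the operational risk is the opposite one, a list that goes stale or is mis-keyed, which is why the decision carries the list name and answer code so rejections can be traced in the mail log.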

Firewall Protection


A firewall limits and regulates access from the outside to the internal network and also regulates traffic going out. It is used to keep outsiders from gaining access to secrets or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the Internet, along with keeping track of what is done through the firewall.

Firewalls filter traffic based on its protocol, sending or receiving port, sending or receiving IP address, or the value of some status bits in the packet. There are several types of firewalls, which include packet filtering, circuit-level relay, and application proxy.

If your organization does not have a firewall, get one. If money is the concern, at least implement a packet filtering firewall on a Linux-based computer.

The firewall should filter e-mail, FTP file transfers, and web content traffic for potential harmful or hostile code and viruses.

No computer should be directly connected to the internet without going through an IS approved firewall. This means independent modem connections to the internet should be forbidden.

Firewall Policy

Set up a "spoofing filter" on your firewall - Don't allow traffic from the internet that indicates a source IP address matching any of your internal network addresses. This keeps attackers from "spoofing" your machines and possibly causing them to crash.

Prevent spoofing from your network - Place an outbound filter (for addresses inside your network attempting outside access) on the firewall that only allows traffic from valid internal network addresses to be serviced. This should prevent attacks against other networks from being originated in your network.
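The two spoofing rules above, together with the filtering criteria listed earlier (protocol, port, address), as a small packet filter evaluated over constructed packets; this is an added example, not configuration from the report. Rules are ordered, the first match decides, and anything unmatched is dropped (default deny). The internal range `192.0.2.0/24`, the interface names `outside`/`inside` and the web server address are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # constructed internal address range
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "outside" or "inside"
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                          # "accept" or "drop"
    iface: str
    proto: str = "any"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    dport: int = 0                       # 0 means any port
    note: str = ""

    def matches(self, p):
        return (self.iface == p.iface
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.dport in (0, p.dport))


RULES = [
    # Inbound spoofing filter: a packet from the Internet can never legitimately
    # carry one of our own internal addresses as its source.
    Rule("drop", "outside", src=INTERNAL, note="spoofed internal source"),
    # Outbound spoofing filter: only genuine internal sources may leave, so our
    # network cannot be used to launch spoofed attacks against others.
    Rule("accept", "inside", src=INTERNAL, note="valid internal source"),
    Rule("drop", "inside", note="egress spoof"),
    # The one inbound service we publish; everything else falls to default deny.
    Rule("accept", "outside", proto="tcp",
         dst=ipaddress.ip_network("192.0.2.80/32"), dport=443, note="web server"),
]


def filter_packet(p, rules=RULES):
    """First matching rule decides; no match means drop (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "drop", "default deny"
```

The order matters: the anti-spoofing drop sits before the web server accept so that a packet forged with an internal source address is rejected even when it is aimed at a published service. Logging the `note` of the matching rule gives the "keeping track of what is done through the firewall" the text asks for.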

Types of Firewalls

Packet Filters

Packet filters are one of several types of firewalls; they process network traffic on a packet-by-packet basis. Their main job is to filter traffic from remote IP hosts, so a router is needed to connect the internal network to the Internet. This router is known as a screening router, which screens packets leaving and entering the network.


Circuit-Level Gateways

The circuit-level gateway is a proxy server that statically defines what traffic will be allowed. Circuit proxies always forward packets containing a given port number if that port number is permitted by the rule set. This gateway operates at the network level of the OSI model and acts as an IP address translator between the Internet and the internal network. The main advantage of this kind of proxy server is its ability to provide Network Address Translation (NAT). NAT hides internal IP addresses from the Internet, which effectively protects internal addressing information from the Internet.

Application-Level Gateways

The application-level gateway is a proxy server operating at the TCP/IP application level. A packet is forwarded only if a connection is established using a known protocol. The application gateway analyzes the whole message instead of individual packets when receiving or sending data.

Password Security

Passwords are a primary piece of information that intruders will try to acquire in order to gain unauthorized access to systems or networks.

Password Storage

When users enter passwords for the network or operating system, they or some facsimile of them must be stored so there is something to compare user login attempts to. There are three primary choices for password storage:

o Clear text

o Encrypted password

o Hash value of a password - used by Unix and Windows NT

The storage locations may be:

o Root or administrator readable only

o Readable by anyone

Passwords are more secure when they can only be read by the administrator or root account. Also, the best password storage security is to store the hashed value of a password.


Typical Hashing Functions

UNIX - An algorithm similar to DES with a 56-bit key. Two random characters (the salt) are added to the algorithm so that two stored password values are not the same even if the passwords are the same.

Windows NT - MD4 is used to generate a 128-bit value.

Password Protection and Cracking

Passwords should be chosen wisely, and a dictionary word should never be used. This is because if an attacker can get the hashed or encrypted value of a password, they can run password guessing programs to eventually guess the password by comparing the encrypted result of the guess to the actual encrypted password. The easiest password attack is a dictionary attack, where dictionary words are used to guess the password. Other attacks include a brute force attack, which can take much longer than a dictionary attack. This is why passwords should have a minimum length and a minimum degree of complexity. The complexity requirements should include three of the following four types of characters:

o Lowercase

o Uppercase

o Numbers

o Special characters such as !@#$%^&*(){}[]

For help in choosing passwords wisely, see the article "Tips for choosing Passwords that can be easily remembered, but are secure".

Protocols to send passwords

PAP - Password Authentication Protocol - Used with the Point-to-Point Protocol (PPP). The password is sent in the clear.

CHAP - Challenge Handshake Authentication Protocol - Preferred over PAP since the actual password is not sent across the Internet or network.
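The two exchanges side by side, run in one process so the bytes that would cross the link can be inspected; this is an added example, not part of the report. The CHAP response follows the RFC 1994 computation MD5(identifier || secret || challenge). The peer name, the shared secret, the message framing and the `SECRETS` table are constructed; real PPP frames carry the same values inside LCP/CHAP packets.

```python
import hashlib
import hmac
import os

SECRETS = {"alice": b"s3cret-shared-with-server"}   # constructed server-side table


def chap_response(ident, secret, challenge):
    """RFC 1994 response value: MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


# --- PAP: the password itself is the credential on the wire ----------------
def pap_exchange(user, password):
    wire = [("client", b"AUTH-REQ " + user.encode() + b" " + password)]
    ok = hmac.compare_digest(SECRETS.get(user, b""), password)
    wire.append(("server", b"AUTH-ACK" if ok else b"AUTH-NAK"))
    return ok, wire


# --- CHAP: only a challenge and a hash of it cross the link ------------------
def chap_exchange(user, password, ident=1, challenge=None):
    challenge = challenge or os.urandom(16)     # server picks a fresh challenge
    wire = [("server", b"CHALLENGE " + bytes([ident]) + challenge)]
    resp = chap_response(ident, password, challenge)          # client side
    wire.append(("client", b"RESPONSE " + bytes([ident]) + resp + b" " + user.encode()))
    expected = chap_response(ident, SECRETS.get(user, b""), challenge)   # server side
    ok = hmac.compare_digest(expected, resp)
    wire.append(("server", b"SUCCESS" if ok else b"FAILURE"))
    return ok, wire


def secret_on_wire(wire, secret):
    """True if the shared secret appears verbatim in any message of the exchange."""
    return any(secret in payload for _, payload in wire)
```

Two caveats a practitioner would add: the server must hold the secret in a recoverable form to compute the expected response, which is in tension with the hashed storage recommended above, and a captured challenge/response pair can be attacked offline by guessing, so CHAP's protection depends on a fresh, unpredictable challenge each time and on the secret having the complexity the previous section requires.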


Anti-virus

Some apparently useful programs also contain features with hidden malicious intent. Such programs are known as malware, viruses, Trojans, worms, spyware and bots.

Malware is the most general name for any malicious software designed for example to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity, such as a home or office computer system, network, mobile phone, PDA, automated device or robot.

Viruses are programs which are able to replicate their structure or effect by integrating themselves, or references to themselves, into existing files or structures on a penetrated computer. They usually also have a malicious or humorous payload designed to threaten or modify the actions or data of the host device or system without consent, for example by deleting, corrupting or otherwise hiding information from its owner.

Trojans (Trojan horses) are programs which may pretend to do one thing but in reality steal information, alter it, or cause other problems on a host such as a computer or programmable device/system.

Spyware includes programs that surreptitiously monitor keystrokes, or other activity on a computer system and report that information to others without consent.

Worms are programs which are able to replicate themselves over a (possibly extensive) computer network, and also perform malicious acts that may ultimately affect a whole society / economy.

Bots are programs that take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.

The above concepts overlap and they can obviously be combined. The terminology, along with the dangers involved, is constantly evolving.

Antivirus programs and Internet security programs are useful in protecting a computer or programmable device/system from malware.

Such programs are used to detect and usually eliminate viruses. Anti-virus software can be purchased or downloaded via the Internet. Care should be taken in selecting anti-virus software, as some programs are not as effective as others in finding and eliminating viruses or malware. Also, when downloading anti-virus software from the Internet, one should be cautious, as some websites say they are providing protection from viruses with their software but are really trying to install malware on your computer by disguising it as something else.


Anti-spyware

There are two major kinds of threats in relation to spyware:

o Spyware collects and relays data from the compromised computer to a third party.

o Adware automatically plays, displays, or downloads advertisements. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is often integrated with other software.

Browser choice

As of December 2008, 68.2% of the browser market was held by Internet Explorer. As a result, malware creators often exploit Internet Explorer. Internet Explorer market share is continuously dropping (as of 2009; see list of web browsers for statistics) as users switch to other browsers, most notably Firefox (with 21.3% market share), Safari (with 7.9% market share) and Google Chrome (1% market share).


USER SECURITY ISSUES

User Education

Use caution when opening e-mails. Do not open mail from unknown originators. Make users aware that attackers can disguise executable files as text or other harmless file types. Users must be educated not to use the same passwords at work that they may use over unsecured connections on the Internet.

Password Policies

Logon passwords must be changed at least every 90 days (30-60 days recommended).

Minimum password age policy - 5 days.

Passwords must be at least 8 characters long and use at least two numbers.

On Windows Domain networks, in the "Domain Security Policy" tool, select "Security Settings", "Account Policies", and "Password Policy". Enable the "passwords must meet complexity requirements" rule. This means at least one character from three of the following categories must be included:

o lowercase

o uppercase

o numbers

o special characters such as !@#$%^&*(){}[]

Passwords must be kept secret and not written down. Don't let programs save passwords. Lock account after 3 failed logon attempts within 15 minutes. Account lockout should be reset by an administrator.
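The password policy stated here (and the complexity rule in the earlier Password Protection section) as code, added as an example that is not from the report: a checker for the length, two-numbers and three-of-four category rules, and a lockout that locks an account after 3 failed logons within 15 minutes and is cleared only by an administrator. The clock is passed in as a number of seconds so the window can be exercised deterministically; the user names and timestamps are constructed.

```python
import string
from collections import defaultdict, deque

MIN_LENGTH = 8
CATEGORIES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "numbers": set(string.digits),
    "special": set("!@#$%^&*(){}[]"),     # the set named in the policy text
}


def password_problems(password):
    """Return the list of policy rules the password fails (empty means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in password) < 2:
        problems.append("fewer than two numbers")
    present = [name for name, chars in CATEGORIES.items()
               if any(c in chars for c in password)]
    if len(present) < 3:
        problems.append(f"only {len(present)} of 4 character categories")
    return problems


class LockoutPolicy:
    """Lock after `threshold` failures inside `window_seconds`; admin reset only."""

    def __init__(self, threshold=3, window_seconds=15 * 60):
        self.threshold = threshold
        self.window = window_seconds
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked = set()

    def record_failure(self, user, now):
        """Register a failed logon at time `now`; returns True if the account is locked."""
        if user in self.locked:
            return True
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self.locked.add(user)
        return user in self.locked

    def is_locked(self, user):
        return user in self.locked

    def admin_reset(self, user):
        """Only an administrator clears a lockout; there is no automatic expiry."""
        self.locked.discard(user)
        self.failures.pop(user, None)
```

Reporting every failed rule rather than the first one keeps users from looping through one rejection at a time, and the deque keeps only failures inside the window so memory per user is bounded by the threshold.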


No clear text passwords that can allow access to any sensitive information should be sent through any unsecured network such as the internet.

The use of clear text passwords that can allow access to any sensitive information on a secure network should be avoided. This means that the use of FTP programs (unless over VPN) should be avoided. Secure Shell (SSH) programs can be used to perform the same function with encrypted passwords.

Passwords should not be stored using reversible encryption.

Account Policy

Remote users should be disconnected on NT domains after 1-4 hours of inactivity. This keeps users logged off after business hours so attackers can't use an open account to launch an attack from. Also any open files are closed and the tape backup program can backup all files. Open files are not backed up.

Set the account policy "Users must log on in order to change password".

Server Policies on Windows Domains

Don't rename the Administrator Account, but don't allow it to access the domain controller computer(s) from the network. Create a new account with the same or similar privileges as the administrator and give this account an ability to access the domain controllers over the network. When someone tries to log onto the administrator account over the network, it can be flagged as an attempted security violation.


SECURITY SERVICES

o enhance the security of data processing systems and information transfers of an organization

o intended to counter security attacks

o use one or more security mechanisms

o often replicate functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed

X.800: "a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers"

RFC 2828: "a processing or communication service provided by a system to give a specific kind of protection to system resources"


MODEL FOR INTERNET SECURITY

using this model requires us to:

o design a suitable algorithm for the security transformation

o generate the secret information (keys) used by the algorithm

o develop methods to distribute and share the secret information

o specify a protocol enabling the principals to use the transformation and secret information for a security service

MODEL FOR NETWORK ACCESS SECURITY


using this model requires us to:

o select appropriate gatekeeper functions to identify users

o implement security controls to ensure only authorised users access designated information or resources

trusted computer systems may be useful to help implement this model

CONCLUSIONS

Computer security is a vast topic that is becoming more important because the world is becoming highly interconnected, with networks being used to carry out critical transactions. The environment in which machines must survive has changed radically since the popularization of the Internet. Deciding to connect a local area network (LAN) to the Internet is a security-critical decision. The root of most security problems is software that fails in unexpected ways. Although software security as a field has much maturing to do, it has much to offer to those practitioners interested in striking at the heart of security problems. The goal of this book is to familiarize you with the current best practices for keeping security flaws out of your software.

Good software security practices can help ensure that software behaves properly. Safety-critical and high-assurance system designers have always taken great pains to analyze and to track software behavior. Security-critical system designers must follow suit. We can avoid the Band-Aid-like penetrate-and-patch approach to security only by considering security as a crucial system property. This requires integrating software security into your entire software engineering process.

